I'm trying to translate an attribute in active directory to one I can
use with my unix boxen. Right now I'm using attribute mappings in
much the same fasion as padl's nss_ldap module which is working great
except for the posix group attribute. My AD server stores unix groups
like so in an object class

No, what you need is to recompile your nss_ldap with support for
RFC2307bis, which uses DN-valued members for posixGroup.
And of course, further discussion of this topic belongs on the nss_ldap
mailing list, it has nothing to do with OpenLDAP software.